The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700
Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead
In response to the Equifax data breach last September, when hackers gained access to the personal information of 143 million consumers, Senators Elizabeth Warren (D-MA) and Mark Warner (D-VA) have introduced a bill, The Data Breach Prevention and Compensation Act of 2018, that would ultimately impose security obligations on credit reporting agencies (CRAs). The
New Mexico is the 48th state to enact a data breach law. That law, the Data Breach Notification Act (HB15), is scheduled to take effect on June 16, 2017. Alabama and South Dakota are now the only states without a data breach notification law.
The New Mexico law is like other state breach notification laws
Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015
The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here
The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t
Every class action lawsuit always involves the question of how to identify, or “ascertain”, who is a member of the class. Consumers keep expensive products or at least keep records related to their purchase. Inexpensive or transitory products are generally gone by the time litigation commences and no records of the purchase exist. In such
